StyleHill is a rogue application that we discovered while inspecting new submissions to VirusTotal. After investigating this piece of software, we determined that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It is designed to disp
Pekka is a Remote Access Trojan (RAT) designed to target Android users. This malicious software enables cybercriminals to remotely control infected Android devices, granting them access to manage files, contacts, and calls, record keystrokes, and carry out other harmful activities. Pekka is avail
Our research team found the OlSaveLock ransomware during a routine inspection of new submissions to VirusTotal. This malicious program encrypts data and demands ransoms for its decryption. This malware also belongs to the MedusaLocker ransomware family. On our testing system, OlSaveLock encrypted
Geacon is the name of a malicious program targeting Mac OSes (Operating Systems). Geacon's history begins with the Go programming language implementation of Cobalt Strike – an infamous Windows OS malware. The Go versions had not been previously observed in heavy use for attacks on macOS devices.
Our investigation of the Ultimate Basketball Fan Extension found that it takes over web browsers by modifying their settings. The main purpose of this browser-hijacking extension is to promote a fraudulent search engine called search.basketball-fan.com. Also, it is possible that the Ultimate Baske
RA Group is ransomware that encrypts data, modifies filenames, and drops a ransom note. Every attack may involve a unique ransom note ("How To Restore Your Files.txt") tailored specifically for the targeted company or organization. The same may apply to the extension added to the filenames of encr
While inspecting new submissions to the VirusTotal website, our research team discovered the LoyalShroud app. After investigating this application, we determined that it is adware belonging to the AdLoad malware family. Adware stands for advertising-supported software. It operates by run
After examining the "Impossibility Of Your Transferring Your Funds" email, we determined that it is spam. This phishing letter states that the recipient has been sent an ATM card containing 10.5 million US dollars. The lengthy email mentions various real entities to create an impression of legiti
Our research team discovered the Xaro ransomware-type program while investigating new submissions to VirusTotal. This program is part of the Djvu ransomware family. After we executed a sample of Xaro on our test machine, it encrypted files and appended their filenames with a ".xaro" extension. To
Our research team found the ughtsustacheds[.]com rogue page while investigating suspect websites. It is designed to promote dubious content and browser notification spam. Additionally, this site can redirect visitors to other (likely unreliable/malicious) webpages. Users typically access pages li